What is a TCP setup?
TCP setup is more or less a historical thing. It allows the user to change some network and low level settings using telnet. If you telnet to port 99 of any unit, you will enter the TCP setup. Its main advantage is a much faster search for sensors, but it is really not needed for anything else.
Why do we change the default configuration?
By principle, the TCP setup is a device configuration, so it will stop all Poseidon and Damocles activities when it is being used. Therefore it presents a security issue. The settings are protected by a username and password, but only connecting to port 99 will stop your unit from measuring and alarming. This is not an issue when you are on a firewall protected internal network, but it can present a way for an attacker to disable your measurements.
I am using the TCP setup and I do not want to lose it!
You will not lose the TCP setup, but you need to manually enable it (on new and factory reset units) on the General setup page of the WWW interface. You will do this by setting the "TCP Telnet Setup" port to anything but 0. So far, 99 has been the default value.
How do I secure an existing device?
If you are worried about the security, you can disable the TCP setup by setting the "TCP Telnet Setup" port to 0. This way the TCP setup will be disabled.
We believe this change will not present any issues to you and that it will improve the security of your devices. If you have any questions regarding this change, please contact our technical support at support [at] hwg [dot] cz.
You can get the latest firmware HERE.